[Ecks]

Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats. The Communications Security Establishment (CSE) rarely goes into detail about its activities, both offensive and defensive and much of what is known about the agency's activities have come from leaked documents obtained by U.S. National Security Agency whistleblower Edward Snowden and published in recent years. But as of late, CSE has acknowledged it needs to do a better job of explaining to Canadians exactly what it does. Today, it is pulling back the curtain on an open-source malware analysis tool called Assemblyline that CSE says is used to protect the Canadian government's sprawling infrastructure each day. "It's a tool that helps our analysts know what to look at, because it's overwhelming for the number of people we have to be able to protect things," Scott Jones, who heads the agency's IT security efforts, said in an interview with CBC News. On the one hand, open sourcing Assemblyline's code is a savvy act of public relations, and Jones readily admits the agency is trying to shed its "super secret spy agency" reputation in the interest of greater transparency.

Read More @ http://www.cbc.ca/news/technology/cse-ca...-1.4361728

[S3xySmurf]

I find this an exceptional step for a spy agency to open source one its tools to the public, I think more agencies and company's need to open source their applications for the greater good.

[mothered]

To open source It, thereby making It community property for all to see exactly what's going on under the hood, does have It's pros and cons.

On the positive, It'll allow those protecting their systems to have a better understanding of how the tool does just that. On the flip side, It also allows attackers to make an Informed analysis of the tool, hence circumvent It's protection during their exploitation.

[Inori]

The CSE and CSIS have always been very closed off and secretive, even domestically (in fact, the average Canadian doesn't know what either one is). This is a huge step in establishing trust with the public and introducing more transparency into operations, following changes that the RCMP has made in recent years.

[Bish0pQ]

I think this is actually a good thing, it's true like mothered said they can easier analyze code and work around it but on the other hand the code can also be improved and suggestions can be made.

[themakokid]

Wouldn't this make it easier to find exploits?

[Synthx]

I'm actually extremely surprised they would make it open source. Lets just expect a thread sometime soon about how this tool has been exploited and used for something horrible.

[--null--]

I find this an exceptional step for a spy agency to open source one its tools to the public, I think more agencies and company's need to open source their applications for the greater good.

I guess eternalblue counts as a bad example

[f0rg3r]

Open sourcing such tool is a must . I find it really exhausting when all of the major tools are expensive and some of the people that needed it, like students, can't afford to pay .

[FreightTrain]

My guess is they've updated the tool/use another past what they've released to the public to help prevent an attack from analysis of the code. Otherwise I can't see how this is a good idea for a government to release it's cyber line of defense to the public. Transparency can be established in other ways that doesn't put the country's systems at risk.